@novasamatech/host-papp 0.4.0-0

package/README.md

@@ -0,0 +1,11 @@
+# @novasamatech/host-papp
+
+Polkadot app integration layer for host applications.
+
+## Overview
+
+## Installation
+
+```shell
+npm install @novasamatech/host-papp --save -E
+```

package/dist/adapters/identity/rpc.d.ts

@@ -0,0 +1,4 @@
+import type { LazyClientAdapter } from '../lazyClient/types.js';
+import type { StorageAdapter } from '../storage/types.js';
+import type { IdentityAdapter } from './types.js';
+export declare const createIdentityRpcAdapter: (lazyClient: LazyClientAdapter, storage: StorageAdapter) => IdentityAdapter;

package/dist/adapters/identity/rpc.js

@@ -0,0 +1,31 @@
+import { AccountId } from 'polkadot-api';
+export const createIdentityRpcAdapter = (lazyClient, storage) => {
+    const getKey = (accountId) => `identity_${accountId}`;
+    const accCodec = AccountId();
+    return {
+        async getIdentity(accountId) {
+            const existingIdentity = await storage.read(getKey(accountId));
+            if (existingIdentity) {
+                try {
+                    return JSON.parse(existingIdentity);
+                }
+                catch (error) {
+                    console.error('Error while reading identity from cache', error);
+                }
+            }
+            const client = lazyClient.getClient();
+            const unsafeApi = client.getUnsafeApi();
+            const result = await unsafeApi.query.Resources?.Consumers?.getValue(accCodec.dec(accountId));
+            if (result) {
+                const identity = {
+                    fullUsername: result.full_username ? result.full_username.asText() : null,
+                    liteUsername: result.lite_username ? result.lite_username.asText() : null,
+                    credibility: result.credibility.type,
+                };
+                await storage.write(getKey(accountId), JSON.stringify(identity));
+                return identity;
+            }
+            return null;
+        },
+    };
+};

package/dist/adapters/identity/types.d.ts

@@ -0,0 +1,8 @@
+export type Identity = {
+    fullUsername: string | null;
+    liteUsername: string;
+    credibility: string;
+};
+export type IdentityAdapter = {
+    getIdentity(accountId: string): Promise<Identity | null>;
+};

package/dist/adapters/identity/types.js

@@ -0,0 +1 @@
+export {};

package/dist/adapters/lazyClient/papi.d.ts

@@ -0,0 +1,3 @@
+import type { JsonRpcProvider } from '@polkadot-api/json-rpc-provider';
+import type { LazyClientAdapter } from './types.js';
+export declare const createPapiLazyClient: (provider: JsonRpcProvider) => LazyClientAdapter;

package/dist/adapters/lazyClient/papi.js

@@ -0,0 +1,12 @@
+import { createClient } from 'polkadot-api';
+export const createPapiLazyClient = (provider) => {
+    let client = null;
+    return {
+        getClient() {
+            if (!client) {
+                client = createClient(provider);
+            }
+            return client;
+        },
+    };
+};

package/dist/adapters/lazyClient/types.d.ts

@@ -0,0 +1,4 @@
+import type { PolkadotClient } from 'polkadot-api';
+export type LazyClientAdapter = {
+    getClient(): PolkadotClient;
+};

package/dist/adapters/lazyClient/types.js

@@ -0,0 +1 @@
+export {};

package/dist/adapters/statement/rpc.d.ts

@@ -0,0 +1,3 @@
+import type { LazyClientAdapter } from '../lazyClient/types.js';
+import type { StatementAdapter } from './types.js';
+export declare function createPapiStatementAdapter(lazyClient: LazyClientAdapter): StatementAdapter;

package/dist/adapters/statement/rpc.js

@@ -0,0 +1,45 @@
+import { createStatementSdk } from '@polkadot-api/sdk-statement';
+import { FixedSizeBinary } from '@polkadot-api/substrate-bindings';
+export function createPapiStatementAdapter(lazyClient) {
+    const POLLING_INTERVAL = 1000;
+    const sdk = createStatementSdk((method, params) => {
+        const client = lazyClient.getClient();
+        return client._request(method, params);
+    });
+    const transportProvider = {
+        getStatements(topics) {
+            // @ts-expect-error lib versions mismatch
+            return sdk.getStatements({ topics: topics.map(topic => new FixedSizeBinary(topic)) });
+        },
+        subscribeStatements(topics, callback) {
+            return polling(POLLING_INTERVAL, () => transportProvider.getStatements(topics), callback);
+        },
+        submitStatement(statement) {
+            return sdk.submit(statement);
+        },
+    };
+    return transportProvider;
+}
+function polling(interval, request, callback) {
+    let active = true;
+    let tm = null;
+    function createCycle() {
+        tm = setTimeout(() => {
+            if (!active) {
+                return;
+            }
+            request()
+                .then(callback)
+                .finally(() => {
+                createCycle();
+            });
+        }, interval);
+    }
+    createCycle();
+    return () => {
+        active = false;
+        if (tm !== null) {
+            clearTimeout(tm);
+        }
+    };
+}

package/dist/adapters/statement/types.d.ts

@@ -0,0 +1,6 @@
+import type { SignedStatement, Statement } from '@polkadot-api/sdk-statement';
+export type StatementAdapter = {
+    getStatements(topics: Uint8Array[]): Promise<Statement[]>;
+    subscribeStatements(topics: Uint8Array[], callback: (response: Statement[]) => unknown): VoidFunction;
+    submitStatement(statement: SignedStatement): Promise<void>;
+};

package/dist/adapters/statement/types.js

@@ -0,0 +1 @@
+export {};

package/dist/adapters/storage/localStorage.d.ts

@@ -0,0 +1,2 @@
+import type { StorageAdapter } from './types.js';
+export declare function createLocalStorageAdapter(prefix: string): StorageAdapter;

package/dist/adapters/storage/localStorage.js

@@ -0,0 +1,12 @@
+export function createLocalStorageAdapter(prefix) {
+    const withPrefix = (key) => `PAPP_${prefix}_${key}`;
+    return {
+        async write(key, value) {
+            localStorage.setItem(withPrefix(key), value);
+            return true;
+        },
+        async read(key) {
+            return localStorage.getItem(withPrefix(key));
+        },
+    };
+}

package/dist/adapters/storage/memory.d.ts

@@ -0,0 +1,2 @@
+import type { StorageAdapter } from './types.js';
+export declare function createMemoryAdapter(external?: Record<string, string>): StorageAdapter;

package/dist/adapters/storage/memory.js

@@ -0,0 +1,12 @@
+export function createMemoryAdapter(external) {
+    const storage = external ? { ...external } : {};
+    return {
+        async write(key, value) {
+            storage[key] = value;
+            return true;
+        },
+        async read(key) {
+            return storage[key] ?? null;
+        },
+    };
+}

package/dist/adapters/storage/types.d.ts

@@ -0,0 +1,4 @@
+export type StorageAdapter = {
+    write(key: string, value: string): Promise<boolean>;
+    read(key: string): Promise<string | null>;
+};

package/dist/adapters/storage/types.js

@@ -0,0 +1 @@
+export {};

package/dist/adapters/transport/rpc.d.ts

@@ -0,0 +1,3 @@
+import type { JsonRpcProvider } from '@polkadot-api/json-rpc-provider';
+import type { Transport } from './types.js';
+export declare function createRpcTransport(rpcProvider: JsonRpcProvider): Transport;

package/dist/adapters/transport/rpc.js

@@ -0,0 +1,51 @@
+import { createClient } from '@polkadot-api/raw-client';
+import { createStatementSdk } from '@polkadot-api/sdk-statement';
+import { FixedSizeBinary } from '@polkadot-api/substrate-bindings';
+export function createRpcTransport(rpcProvider) {
+    const POLLING_INTERVAL = 1000;
+    const client = createClient(rpcProvider);
+    const sdk = createStatementSdk((method, params) => {
+        return new Promise((resolve, reject) => {
+            client.request(method, params, {
+                onSuccess: resolve,
+                onError: reject,
+            });
+        });
+    });
+    const transportProvider = {
+        getStatements(topics) {
+            // @ts-expect-error lib versions mismatch
+            return sdk.getStatements({ topics: topics.map(topic => new FixedSizeBinary(topic)) });
+        },
+        subscribeStatements(topics, callback) {
+            return polling(POLLING_INTERVAL, () => transportProvider.getStatements(topics), callback);
+        },
+        submitStatement(statement) {
+            return sdk.submit(statement);
+        },
+    };
+    return transportProvider;
+}
+function polling(interval, request, callback) {
+    let active = true;
+    let tm = null;
+    function createCycle() {
+        tm = setTimeout(() => {
+            if (!active) {
+                return;
+            }
+            request()
+                .then(callback)
+                .finally(() => {
+                createCycle();
+            });
+        }, interval);
+    }
+    createCycle();
+    return () => {
+        active = false;
+        if (tm !== null) {
+            clearTimeout(tm);
+        }
+    };
+}

package/dist/adapters/transport/types.d.ts

@@ -0,0 +1,6 @@
+import type { SignedStatement, Statement } from '@polkadot-api/sdk-statement';
+export type Transport = {
+    getStatements(topics: Uint8Array[]): Promise<Statement[]>;
+    subscribeStatements(topics: Uint8Array[], callback: (response: Statement[]) => unknown): VoidFunction;
+    submitStatement(statement: SignedStatement): Promise<void>;
+};

package/dist/adapters/transport/types.js

@@ -0,0 +1 @@
+export {};

package/dist/constants.d.ts

@@ -0,0 +1 @@
+export declare const SS_ENDPOINTS: string[];

package/dist/constants.js

@@ -0,0 +1 @@
+export const SS_ENDPOINTS = ['wss://pop-testnet.parity-lab.parity.io:443/9910'];

package/dist/helpers/utils.d.ts

@@ -0,0 +1 @@
+export declare function isAbortError(err: object): boolean;

package/dist/helpers/utils.js

@@ -0,0 +1,3 @@
+export function isAbortError(err) {
+    return err && 'name' in err && err.name === 'AbortError';
+}

package/dist/helpers.d.ts

@@ -0,0 +1 @@
+export declare function isAbortError(err: object): boolean;

package/dist/helpers.js

@@ -0,0 +1,3 @@
+export function isAbortError(err) {
+    return err && 'name' in err && err.name === 'AbortError';
+}

package/dist/index.d.ts

@@ -0,0 +1,4 @@
+export type { PappAdapter } from './papp.js';
+export type { SignInStatus } from './modules/signIn.js';
+export type { Identity } from './adapters/identity/types.js';
+export declare function createPappHostAdapter(appId: string, metadata: string): import("./papp.js").PappAdapter;

package/dist/index.js

@@ -0,0 +1,7 @@
+import { createPappAdapter } from './papp.js';
+export function createPappHostAdapter(appId, metadata) {
+    return createPappAdapter({
+        appId,
+        metadata,
+    });
+}

package/dist/modules/accounts.d.ts

@@ -0,0 +1 @@
+export declare function getAccountsFlow(): void;

package/dist/modules/accounts.js

@@ -0,0 +1,2 @@
+// TODO implement
+export function getAccountsFlow() { }

package/dist/modules/crypto.d.ts

@@ -0,0 +1,24 @@
+import type { Codec } from 'scale-ts';
+import type { Branded } from '../types.js';
+export type SsPublicKey = Branded<Uint8Array, 'SsPublicKey'>;
+export type SsSecret = Branded<Uint8Array, 'SsSecret'>;
+export type EncrPublicKey = Branded<Uint8Array, 'EncrPublicKey'>;
+export type EncrSecret = Branded<Uint8Array, 'EncrSecret'>;
+export type SharedSession = Branded<Uint8Array, 'SharedSession'>;
+export declare const SsPubKey: Codec<SsPublicKey>;
+export declare const EncrPubKey: Codec<EncrPublicKey>;
+export declare function stringToBytes(str: string): Uint8Array<ArrayBuffer>;
+export declare function bytesToString(bytes: Uint8Array): string;
+export declare function mergeBytes(...bytes: Uint8Array[]): Uint8Array<ArrayBuffer>;
+export declare const SS_SECRET_SEED_SIZE = 32;
+export declare function createSsSecret(seed: Uint8Array): SsSecret;
+export declare function getSsPub(secret: SsSecret): SsPublicKey;
+export declare const ENCR_SECRET_SEED_SIZE = 48;
+export declare function createEncrSecret(seed: Uint8Array): EncrSecret;
+export declare function getEncrPub(secret: EncrSecret): EncrPublicKey;
+export declare function createRandomSeed(suffix: string, size: number): Uint8Array<ArrayBufferLike>;
+export declare function createStableSeed(value: string, size: number): Uint8Array<ArrayBufferLike>;
+export declare function khash(secret: Uint8Array, message: Uint8Array): Uint8Array<ArrayBufferLike>;
+export declare function createSharedSecret(secret: EncrSecret, publicKey: Uint8Array): Uint8Array<ArrayBufferLike>;
+export declare function createSymmetricKey(sharedSecret: Uint8Array): Uint8Array<ArrayBuffer>;
+export declare function decrypt(secret: Uint8Array, message: Uint8Array): Uint8Array<ArrayBufferLike>;

package/dist/modules/crypto.js

@@ -0,0 +1,73 @@
+import { gcm } from '@noble/ciphers/aes.js';
+import { p256 } from '@noble/curves/nist.js';
+import { blake2b } from '@noble/hashes/blake2.js';
+import { hkdf } from '@noble/hashes/hkdf.js';
+import { sha256 } from '@noble/hashes/sha2.js';
+import { randomBytes } from '@noble/hashes/utils.js';
+import { getPublicKey as sr25519GetPublicKey, secretFromSeed as sr25519SecretFromSeed } from '@scure/sr25519';
+import { Bytes } from 'scale-ts';
+// schemas
+function brandedBytesCodec(length) {
+    return Bytes(length);
+}
+export const SsPubKey = brandedBytesCodec(32);
+export const EncrPubKey = brandedBytesCodec(65);
+// helpers
+const textEncoder = new TextEncoder();
+const textDecoder = new TextDecoder();
+export function stringToBytes(str) {
+    return textEncoder.encode(str);
+}
+export function bytesToString(bytes) {
+    return textDecoder.decode(bytes);
+}
+export function mergeBytes(...bytes) {
+    const len = bytes.reduce((l, b) => l + b.length, 0);
+    const merged = new Uint8Array(len);
+    let offset = 0;
+    for (const arr of bytes) {
+        merged.set(arr, offset);
+        offset += arr.length;
+    }
+    return merged;
+}
+// statement store key pair
+export const SS_SECRET_SEED_SIZE = 32;
+export function createSsSecret(seed) {
+    return sr25519SecretFromSeed(seed);
+}
+export function getSsPub(secret) {
+    return sr25519GetPublicKey(secret);
+}
+// encryption key pair
+export const ENCR_SECRET_SEED_SIZE = 48;
+export function createEncrSecret(seed) {
+    const { secretKey } = p256.keygen(seed);
+    return secretKey;
+}
+export function getEncrPub(secret) {
+    return p256.getPublicKey(secret, false);
+}
+// helpers
+export function createRandomSeed(suffix, size) {
+    return blake2b(mergeBytes(randomBytes(128), stringToBytes(suffix)), { dkLen: size });
+}
+export function createStableSeed(value, size) {
+    return blake2b(stringToBytes(value), { dkLen: size });
+}
+export function khash(secret, message) {
+    return blake2b(message, { dkLen: 256 / 8, key: secret });
+}
+export function createSharedSecret(secret, publicKey) {
+    return p256.getSharedSecret(secret, publicKey);
+}
+export function createSymmetricKey(sharedSecret) {
+    return sharedSecret.slice(1, 33);
+}
+export function decrypt(secret, message) {
+    const nonce = message.slice(0, 12);
+    const cipherText = message.slice(12);
+    const aesKey = hkdf(sha256, secret, new Uint8Array(), new Uint8Array(), 32);
+    const aes = gcm(aesKey, nonce);
+    return aes.decrypt(cipherText);
+}

package/dist/modules/secretStorage.d.ts

@@ -0,0 +1,14 @@
+import type { StorageAdapter } from '../adapters/storage/types.js';
+import type { SessionTopic } from '../types.js';
+import type { EncrSecret, SsSecret } from './crypto.js';
+export type SecretStorage = {
+    readSsSecret(): Promise<SsSecret | null>;
+    writeSsSecret(value: SsSecret): Promise<boolean>;
+    readEncrSecret(): Promise<EncrSecret | null>;
+    writeEncrSecret(value: EncrSecret): Promise<boolean>;
+    readSessionTopic(): Promise<SessionTopic | null>;
+    writeSessionTopic(value: SessionTopic): Promise<boolean>;
+    readPappAccountId(): Promise<string | null>;
+    writePappAccountId(value: string): Promise<boolean>;
+};
+export declare function createSecretStorage(appId: string, storage: StorageAdapter): SecretStorage;

package/dist/modules/secretStorage.js

@@ -0,0 +1,53 @@
+import { gcm } from '@noble/ciphers/aes.js';
+import { blake2b } from '@noble/hashes/blake2.js';
+import { fromHex, toHex } from '@polkadot-api/utils';
+import { bytesToString, stringToBytes } from './crypto.js';
+export function createSecretStorage(appId, storage) {
+    const ssSecret = rwBytes('SsSecret', appId, storage);
+    const encrSecret = rwBytes('EncrSecret', appId, storage);
+    const sessionTopic = rwBytes('SessionTopic', appId, storage);
+    const pappAccountId = rwString('PappAccountId', appId, storage);
+    return {
+        readSsSecret: ssSecret.read,
+        writeSsSecret: ssSecret.write,
+        readEncrSecret: encrSecret.read,
+        writeEncrSecret: encrSecret.write,
+        readSessionTopic: sessionTopic.read,
+        writeSessionTopic: sessionTopic.write,
+        readPappAccountId: pappAccountId.read,
+        writePappAccountId: pappAccountId.write,
+    };
+}
+const withAppId = (appId, key) => `${appId}_${key}`;
+const rwBytes = (key, appId, storage) => ({
+    async read() {
+        const value = await storage.read(withAppId(appId, key));
+        if (value) {
+            const aes = getAes(appId);
+            return aes.decrypt(fromHex(value));
+        }
+        else {
+            return null;
+        }
+    },
+    write(value) {
+        const aes = getAes(appId);
+        return storage.write(withAppId(appId, key), toHex(aes.encrypt(value)));
+    },
+});
+const rwString = (key, appId, storage) => {
+    const bytes = rwBytes(key, appId, storage);
+    return {
+        async read() {
+            const value = await bytes.read();
+            return value ? bytesToString(value) : null;
+        },
+        write(value) {
+            const b = stringToBytes(value);
+            return bytes.write(b);
+        },
+    };
+};
+function getAes(appId) {
+    return gcm(blake2b(stringToBytes(appId), { dkLen: 16 }), blake2b(stringToBytes('nonce'), { dkLen: 32 }));
+}

package/dist/modules/signIn.d.ts

@@ -0,0 +1,46 @@
+import type { StatementAdapter } from '../adapters/statement/types.js';
+import type { StorageAdapter } from '../adapters/storage/types.js';
+import type { SessionTopic } from '../types.js';
+import type { EncrPublicKey, SsPublicKey } from './crypto.js';
+export declare const HandshakeData: import("scale-ts").Codec<{
+    tag: "V1";
+    value: [SsPublicKey, EncrPublicKey, string];
+}>;
+export declare const HandshakeResponsePayload: import("scale-ts").Codec<{
+    tag: "V1";
+    value: [Uint8Array<ArrayBufferLike>, Uint8Array<ArrayBufferLike>];
+}>;
+export declare const HandshakeResponseSensitiveData: import("scale-ts").Codec<[Uint8Array<ArrayBufferLike>, Uint8Array<ArrayBufferLike>]>;
+export type SignInStatus = {
+    step: 'none';
+} | {
+    step: 'initial';
+} | {
+    step: 'pairing';
+    payload: string;
+} | {
+    step: 'error';
+    message: string;
+} | {
+    step: 'finished';
+    sessionTopic: SessionTopic;
+    pappAccountId: string;
+};
+export type SignInResult = {
+    sessionTopic: SessionTopic;
+    pappAccountId: string;
+};
+type Params = {
+    appId: string;
+    metadata: string;
+    statements: StatementAdapter;
+    storage: StorageAdapter;
+};
+export declare function createSignInFlow({ appId, metadata, statements, storage }: Params): {
+    getSignedUser(): Promise<SignInResult | null>;
+    signIn(): Promise<SignInResult | null>;
+    abortSignIn(): void;
+    getSignInStatus(): SignInStatus;
+    onStatusChange(callback: (status: SignInStatus) => void): import("nanoevents").Unsubscribe;
+};
+export {};

package/dist/modules/signIn.js

@@ -0,0 +1,191 @@
+import { toHex } from '@polkadot-api/utils';
+import { createNanoEvents } from 'nanoevents';
+import { Bytes, Enum, Tuple, str } from 'scale-ts';
+import { isAbortError } from '../helpers/utils.js';
+import { ENCR_SECRET_SEED_SIZE, EncrPubKey, SS_SECRET_SEED_SIZE, SsPubKey, createEncrSecret, createSharedSecret, createSsSecret, createStableSeed, createSymmetricKey, decrypt, getEncrPub, getSsPub, khash, mergeBytes, stringToBytes, } from './crypto.js';
+import { createSecretStorage } from './secretStorage.js';
+import { createSession } from './statementStore.js';
+// codecs
+export const HandshakeData = Enum({
+    V1: Tuple(SsPubKey, EncrPubKey, str),
+});
+export const HandshakeResponsePayload = Enum({
+    // [encrypted, tmp_key]
+    V1: Tuple(Bytes(), Bytes(65)),
+});
+export const HandshakeResponseSensitiveData = Tuple(Bytes(65), Bytes(32));
+export function createSignInFlow({ appId, metadata, statements, storage }) {
+    const secretStorage = createSecretStorage(appId, storage);
+    const events = createNanoEvents();
+    let signInStatus = { step: 'none' };
+    events.on('status', status => {
+        signInStatus = status;
+    });
+    let signInPromise = null;
+    let abort = null;
+    const signInFlow = {
+        getSignedUser() {
+            return Promise.all([secretStorage.readSessionTopic(), secretStorage.readPappAccountId()]).then(([existingSessionTopic, existingPappAccountId]) => {
+                if (existingSessionTopic && existingPappAccountId) {
+                    events.emit('status', {
+                        step: 'finished',
+                        sessionTopic: existingSessionTopic,
+                        pappAccountId: existingPappAccountId,
+                    });
+                    return {
+                        sessionTopic: existingSessionTopic,
+                        pappAccountId: existingPappAccountId,
+                    };
+                }
+                return null;
+            });
+        },
+        async signIn() {
+            if (signInPromise) {
+                return signInPromise;
+            }
+            abort = new AbortController();
+            events.emit('status', { step: 'initial' });
+            signInPromise = signInFlow
+                .getSignedUser()
+                .then(async (signedIn) => {
+                if (signedIn) {
+                    events.emit('status', {
+                        step: 'finished',
+                        sessionTopic: signedIn.sessionTopic,
+                        pappAccountId: signedIn.pappAccountId,
+                    });
+                    return signedIn;
+                }
+                const { ssPublicKey, encrPublicKey, encrSecret } = await getSecretKeys(appId, secretStorage);
+                const handshakeTopic = createHandshakeTopic({ encrPublicKey, ssPublicKey });
+                const handshakePayload = createHandshakePayload({ ssPublicKey, encrPublicKey, metadata });
+                events.emit('status', { step: 'pairing', payload: createDeeplink(handshakePayload) });
+                return waitForStatements(statements, handshakeTopic, abort?.signal ?? null, (statements, resolve) => {
+                    for (const statement of [...statements].reverse()) {
+                        if (!statement.data)
+                            continue;
+                        const { sessionTopic, pappAccountId } = retrieveSessionTopic({
+                            payload: statement.data.asBytes(),
+                            encrSecret,
+                            ssPublicKey,
+                        });
+                        resolve({ sessionTopic, pappAccountId: toHex(pappAccountId) });
+                        break;
+                    }
+                });
+            })
+                .then(async ({ sessionTopic, pappAccountId }) => {
+                await secretStorage.writeSessionTopic(sessionTopic);
+                await secretStorage.writePappAccountId(pappAccountId);
+                events.emit('status', { step: 'finished', sessionTopic, pappAccountId });
+                return { sessionTopic, pappAccountId };
+            })
+                .catch(e => {
+                if (isAbortError(e)) {
+                    events.emit('status', { step: 'none' });
+                    return null;
+                }
+                events.emit('status', { step: 'error', message: e.message });
+                throw e;
+            });
+            return signInPromise;
+        },
+        abortSignIn() {
+            if (abort) {
+                events.emit('status', { step: 'none' });
+                abort.abort();
+            }
+        },
+        getSignInStatus() {
+            return signInStatus;
+        },
+        onStatusChange(callback) {
+            return events.on('status', callback);
+        },
+    };
+    return signInFlow;
+}
+function createHandshakeTopic({ encrPublicKey, ssPublicKey, }) {
+    return khash(ssPublicKey, mergeBytes(encrPublicKey, stringToBytes('topic')));
+}
+function createHandshakePayload({ encrPublicKey, ssPublicKey, metadata, }) {
+    return HandshakeData.enc({
+        tag: 'V1',
+        value: [ssPublicKey, encrPublicKey, metadata],
+    });
+}
+function parseHandshakePayload(payload) {
+    const decoded = HandshakeResponsePayload.dec(payload);
+    switch (decoded.tag) {
+        case 'V1':
+            return {
+                encrypted: decoded.value[0],
+                tmpKey: decoded.value[1],
+            };
+        default:
+            throw new Error('Unsupported handshake payload version');
+    }
+}
+function retrieveSessionTopic({ payload, encrSecret, ssPublicKey, }) {
+    const { encrypted, tmpKey } = parseHandshakePayload(payload);
+    const symmetricKey = createSymmetricKey(createSharedSecret(encrSecret, tmpKey));
+    const decrypted = decrypt(symmetricKey, encrypted);
+    console.log('decrypted', decrypted.length, 65 + 32); // true
+    const [pappEncrPublicKey, userPublicKey] = HandshakeResponseSensitiveData.dec(decrypted);
+    const sharedSecret = createSharedSecret(encrSecret, pappEncrPublicKey);
+    const session = createSession({
+        sharedSecret: sharedSecret,
+        accountA: ssPublicKey,
+        accountB: pappEncrPublicKey,
+    });
+    console.log('userPublicKey', userPublicKey.length, toHex(userPublicKey));
+    console.log('sessionTopic', session.a.length, toHex(session.a));
+    return {
+        pappAccountId: userPublicKey,
+        sessionTopic: session.a,
+    };
+}
+async function getSecretKeys(appId, secretStorage) {
+    let ssSecret = await secretStorage.readSsSecret();
+    if (!ssSecret) {
+        // TODO randomize seed
+        // For testing purpose only
+        const seed = createStableSeed(appId, SS_SECRET_SEED_SIZE);
+        ssSecret = createSsSecret(seed);
+        await secretStorage.writeSsSecret(ssSecret);
+    }
+    let encrSecret = await secretStorage.readEncrSecret();
+    if (!encrSecret) {
+        // TODO randomize seed
+        // For testing purpose only
+        const seed = createStableSeed(appId, ENCR_SECRET_SEED_SIZE);
+        encrSecret = createEncrSecret(seed);
+        await secretStorage.writeEncrSecret(encrSecret);
+    }
+    const ssPublicKey = getSsPub(ssSecret);
+    const encrPublicKey = getEncrPub(encrSecret);
+    return { ssPublicKey, encrPublicKey, ssSecret, encrSecret };
+}
+function createDeeplink(payload) {
+    return `polkadotapp://pair?handshake=${toHex(payload)}`;
+}
+function waitForStatements(transport, topic, abortSignal, callback) {
+    return new Promise((resolve, reject) => {
+        const unsubscribe = transport.subscribeStatements([topic], statements => {
+            if (abortSignal?.aborted) {
+                unsubscribe();
+                try {
+                    abortSignal.throwIfAborted();
+                }
+                catch (e) {
+                    reject(e);
+                }
+            }
+            callback(statements, value => {
+                unsubscribe();
+                resolve(value);
+            });
+        });
+    });
+}

package/dist/modules/statementStore.d.ts

@@ -0,0 +1,13 @@
+import type { UnsignedStatement } from '@polkadot-api/sdk-statement';
+import type { SsSecret } from './crypto.js';
+export declare function createSession({ sharedSecret, accountA, accountB, pinA, pinB, }: {
+    sharedSecret: Uint8Array;
+    accountA: Uint8Array;
+    accountB: Uint8Array;
+    pinA?: string;
+    pinB?: string;
+}): {
+    a: Uint8Array<ArrayBufferLike>;
+    b: Uint8Array<ArrayBufferLike>;
+};
+export declare function createStatement(secret: SsSecret, payload: UnsignedStatement): Promise<import("@polkadot-api/sdk-statement").SignedStatement>;

package/dist/modules/statementStore.js

@@ -0,0 +1,20 @@
+import { getStatementSigner } from '@polkadot-api/sdk-statement';
+import * as sr25519 from '@scure/sr25519';
+import { getSsPub, khash, mergeBytes, stringToBytes } from './crypto.js';
+export function createSession({ sharedSecret, accountA, accountB, pinA, pinB, }) {
+    const sessionPrefix = stringToBytes('session');
+    const pinSeparator = stringToBytes('/');
+    function makePin(pin) {
+        return pin ? mergeBytes(pinSeparator, stringToBytes(pin)) : pinSeparator;
+    }
+    const accountASessionParams = mergeBytes(sessionPrefix, accountA, accountB, makePin(pinA), makePin(pinB));
+    const accountBSessionParams = mergeBytes(sessionPrefix, accountB, accountA, makePin(pinB), makePin(pinA));
+    return {
+        a: khash(sharedSecret, accountASessionParams),
+        b: khash(sharedSecret, accountBSessionParams),
+    };
+}
+export function createStatement(secret, payload) {
+    const signer = getStatementSigner(getSsPub(secret), 'sr25519', data => sr25519.sign(secret, data));
+    return signer.sign(payload);
+}

package/dist/papp.d.ts

@@ -0,0 +1,25 @@
+import type { Identity, IdentityAdapter } from './adapters/identity/types.js';
+import type { StatementAdapter } from './adapters/statement/types.js';
+import type { StorageAdapter } from './adapters/storage/types.js';
+import type { SignInStatus } from './modules/signIn.js';
+export type PappAdapter = {
+    auth: {
+        signIn(): Promise<Identity | null>;
+        abortSignIn(): void;
+        getCurrentUser(): Promise<Identity | null>;
+        getSignInStatus(): SignInStatus;
+        onSignInStatusChange(callback: (status: SignInStatus) => void): VoidFunction;
+    };
+};
+type Adapters = {
+    statements: StatementAdapter;
+    identities: IdentityAdapter;
+    storage: StorageAdapter;
+};
+type Params = {
+    appId: string;
+    metadata: string;
+    adapters?: Adapters;
+};
+export declare function createPappAdapter({ appId, metadata, adapters }: Params): PappAdapter;
+export {};

package/dist/papp.js

@@ -0,0 +1,54 @@
+import { getWsProvider } from '@polkadot-api/ws-provider';
+import { createIdentityRpcAdapter } from './adapters/identity/rpc.js';
+import { createPapiLazyClient } from './adapters/lazyClient/papi.js';
+import { createPapiStatementAdapter } from './adapters/statement/rpc.js';
+import { createMemoryAdapter } from './adapters/storage/memory.js';
+import { SS_ENDPOINTS } from './constants.js';
+import { createSignInFlow } from './modules/signIn.js';
+export function createPappAdapter({ appId, metadata, adapters }) {
+    let statements;
+    let identities;
+    let storage;
+    if (adapters) {
+        statements = adapters.statements;
+        identities = adapters.identities;
+        storage = adapters.storage;
+    }
+    else {
+        const lazyPapiAdapter = createPapiLazyClient(getWsProvider(SS_ENDPOINTS));
+        storage = createMemoryAdapter();
+        identities = createIdentityRpcAdapter(lazyPapiAdapter, storage);
+        statements = createPapiStatementAdapter(lazyPapiAdapter);
+    }
+    const signInFlow = createSignInFlow({ appId, metadata, statements, storage });
+    const papp = {
+        auth: {
+            signIn() {
+                return signInFlow.signIn().then(result => {
+                    if (result) {
+                        return identities.getIdentity(result.pappAccountId);
+                    }
+                    return null;
+                });
+            },
+            getCurrentUser() {
+                return signInFlow.getSignedUser().then(result => {
+                    if (result) {
+                        return identities.getIdentity(result.pappAccountId);
+                    }
+                    return null;
+                });
+            },
+            getSignInStatus() {
+                return signInFlow.getSignInStatus();
+            },
+            onSignInStatusChange(callback) {
+                return signInFlow.onStatusChange(callback);
+            },
+            abortSignIn() {
+                return signInFlow.abortSignIn();
+            },
+        },
+    };
+    return papp;
+}

package/dist/structs.d.ts

@@ -0,0 +1,24 @@
+type TransportError = 'decryptionFailed' | 'decodingFailed' | 'unknown';
+export declare const ResponseCode: import("scale-ts").Codec<TransportError>;
+export declare const RequestV1: import("scale-ts").Codec<{
+    requestId: string;
+    data: Uint8Array<ArrayBufferLike>;
+}>;
+export declare const ResponseV1: import("scale-ts").Codec<{
+    requestId: string;
+    responseCode: TransportError;
+}>;
+export declare const StatementData: import("scale-ts").Codec<{
+    tag: "requestV1";
+    value: {
+        requestId: string;
+        data: Uint8Array<ArrayBufferLike>;
+    };
+} | {
+    tag: "responseV1";
+    value: {
+        requestId: string;
+        responseCode: TransportError;
+    };
+}>;
+export {};

package/dist/structs.js

@@ -0,0 +1,32 @@
+import { Bytes, Enum, Struct, enhanceCodec, str, u8 } from 'scale-ts';
+export const ResponseCode = enhanceCodec(u8, error => {
+    switch (error) {
+        case 'decryptionFailed':
+            return 1;
+        case 'decodingFailed':
+            return 2;
+        case 'unknown':
+            return -1;
+    }
+}, code => {
+    switch (code) {
+        case 1:
+            return 'decryptionFailed';
+        case 2:
+            return 'decodingFailed';
+        default:
+            return 'unknown';
+    }
+});
+export const RequestV1 = Struct({
+    requestId: str,
+    data: Bytes(),
+});
+export const ResponseV1 = Struct({
+    requestId: str,
+    responseCode: ResponseCode,
+});
+export const StatementData = Enum({
+    requestV1: RequestV1,
+    responseV1: ResponseV1,
+});

package/dist/types.d.ts

@@ -0,0 +1,6 @@
+declare const __brand: unique symbol;
+export type Branded<T, K extends string> = T & {
+    [__brand]: K;
+};
+export type SessionTopic = Branded<Uint8Array, 'SessionTopic'>;
+export {};

package/dist/types.js

@@ -0,0 +1 @@
+export {};

package/package.json

@@ -0,0 +1,40 @@
+{
+  "name": "@novasamatech/host-papp",
+  "type": "module",
+  "version": "0.4.0-0",
+  "description": "Polkadot app integration",
+  "license": "Apache-2.0",
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/novasamatech/spektr-sdk.git"
+  },
+  "keywords": [
+    "polkadot"
+  ],
+  "main": "dist/index.js",
+  "exports": {
+    "./package.json": "./package.json",
+    ".": {
+      "types": "./dist/index.d.ts",
+      "default": "./dist/index.js"
+    }
+  },
+  "files": [
+    "dist",
+    "README.md"
+  ],
+  "dependencies": {
+    "@polkadot-api/utils": "0.2.0",
+    "@polkadot-api/sdk-statement": "0.2.0",
+    "@scure/sr25519": "0.3.0",
+    "@noble/curves": "2.0.1",
+    "@noble/hashes": "2.0.1",
+    "@noble/ciphers": "2.0.1",
+    "polkadot-api": "1.22.0",
+    "nanoevents": "9.1.0",
+    "scale-ts": "1.6.1"
+  },
+  "publishConfig": {
+    "access": "public"
+  }
+}